KR101527249B1 - Ip address delegation - Google Patents

Abstract

A method is provided for verifying a request made to an IPv6 address that includes a network routing prefix and a cryptographic creation interface identifier. Wherein the request comprises at least one of an expression or equations for generating at least the public key of the host, one or more additional parameters or one or more additional parameters, a specification of a range or set of IPv6 network routing prefixes, an identity of the host being delegated, And a delegation certificate comprising a digital signature taken with respect to said specification of a range or set of at least said identity and IPv6 network routing prefixes using a private key associated with the key. The method further comprising verifying that the network routing prefix of the IPv6 address is included in the specification, verifying that the public key and the additional parameter (s) can be used to generate the cryptographic generated interface identifier, And verifying the signature using the public key.

Description

IP address delegation {IP ADDRESS DELEGATION}

The present invention relates to IP address delegation and more particularly to delegation of responsibility for a Cryptographically Generated Address from a node that owns the address to an additional node.

IPv6 addresses are 128 bits in length. The first 64 bits of the address form a routing prefix that uniquely identifies the Internet access node (or so-called "local link") used by the IP terminal or node, while the latter 64 bits Form a host suffix that uniquely identifies the mobile terminal to the access node (or within the local link). The host suffix is referred to as the "interface identifier" when it uniquely identifies the host via the access interface. Typically, when a host is registered with an access node, the host learns the routing prefix of the access node from the advertisement message sent from the access node. According to IETF RFC3041, the host then generates its own interface identifier using a random number generated by the host. The host can additionally generate the interface identifier using the link layer address, which is, for example, the MAC layer address used by the access network.

WO02 / 076060 describes how a node may use a one-way coding function such as a hash function to generate an encrypted version of an interface identifier and subsequently verify that the node is the owner of the interface identifier of the IP address Desc / Clms Page number 2 > how the encrypted version can be provided to other peer users. Such encryption origination addresses are known as CGAs. CGAs provide a level of security that helps to prevent denial-of-service attacks that the attacker claims, for example, that the IP address that the node wants to use is the attacker's owner. The CGA method is standardized in IETF RFC 3972 and is used in Secure Neighbor Discovery (SeND) standardized in IETF RFC 3971.

According to RFC 3972, CGAs are generated as follows:

Hash1 = hash (modifier | prefix | public key | extension)

IPv6 address = prefix | Hash1 (with certain bits according to security level and other requirements).

Where "prefix" is the network routing prefix, "hash" is the cryptographic hash function (SHA-1), "public key" is the public key of the node that originated the address, Is a field that is not currently used to return standardized information. The "modifier" is a 128-bit value generated by the node not only to increase security but also to improve randomness. In particular, depending on the level of security required, the modifier value may be set to a particular value of the data (including the modifier and public key) hashing to a value ("Hash2") with a number of " The connection is chosen to generate.

To prove ownership of a CGA, a node must be able to provide a certificate that contains the CGI address, modifier, public key, and an Interface Identifier (IID) portion of any extension, arranged as a CGA data structure. The certificate includes a digital signature (SHA-1) taken across the message to be transmitted using the node's private key. The peer node receiving the certificate computes Hash2 and verifies that it has the correct number of "0" s in the leftmost bit places. If so, the node verifies the signature by computing Hash1 and comparing it with the IID to detect if the IID belongs to a public-private key pair and then reverse the signature process using the verified public key. This second step not only verifies that the sender actually owns the public key and is just misrecognizing it, but also verifies that the message originated from the claimed sender.

A host ("delegating" node) that owns the CGA can delegate responsibility for the address to some additional nodes (the "delegated" node), such that the delegated node is directed to the node It is possible to request. This is accomplished by providing a delegated node with a certificate that includes a CGA, a CGA data structure, an identity of the delegated node, and a signature generated using the public key of the delegating node. To prove to a third party that it is allowed to use the alleged CGA, the delegated node verifies the certificate by verifying that the IID belongs to the public key and that the certificate is validly signed by the owner of the public key To a third party who can do so. If the identity is the public key of the delegated node, then the delegated node signs any request associated with the CGA with its private key to prove that the third party owns the claimed identity .

The problem with this method of delegation is that the certificate provided to the node being delegated by the delegating node is bound to a single CGA. If the delegating node changes its IPv6 address, for example due to mobility and the use of the new network routing prefix, a new certificate must be provided to the delegated node.

According to a first aspect of the present invention, a method is provided for verifying a request made to an IPv6 address comprising a network routing prefix and an encryption-generated interface identifier. Wherein the request comprises at least one of an expression or equations for generating at least the host's public key, one or more additional parameters or one or more additional parameters, a specification of a range or set of IPv6 network routing prefixes, an identity of the host being delegated, And a delegation certificate comprising a digital signature taken with respect to said specification of a range or set of at least said identity and IPv6 network routing prefixes using a private key associated with the key. The method further comprising verifying that the network routing prefix of the IPv6 address is included in the specification, verifying that the public key and the additional parameter (s) can be used to generate the cryptographic generated interface identifier, And verifying the signature using the public key.

Embodiments of the present invention allow a host to delegate responsibility for IPv6 addresses to additional hosts even when addresses are not yet generated.

When an address is used, subsequent signaling between hosts is reduced or even eliminated.

According to a preferred embodiment, the one or more additional parameters include a modifier that introduces some degree of randomness to the address generation process. More preferably, the certificate includes an expression for creating the modifier so that the modifier is changed each time an interface identifier is generated. The one or more additional parameters may also include one or more extensions.

The range or set of IPv6 network routing prefixes may be a subset of all available routing prefixes. Alternatively, the specification of the range or set of IPv6 network routing prefixes may specify all available routing prefixes, i.e., the certificate authorizes the delegating node to operate on all routing prefixes.

Wherein verifying that the public key and the additional parameter (s) can be used to generate the cryptographically generated interface identifier comprises: using the network routing prefix of the IPv6 address in the verification process, . ≪ / RTI > The hashing algorithm may also be used to verify the signature, using the public key.

According to a second aspect of the present invention there is provided an IPv6 host comprising a first processor configured to generate a delegation certificate, the certificate comprising at least the public key of the host, one or more additional parameters or one or more additional parameters Of a range or set of IPv6 network routing prefixes, a range or set of IPv6 network routing prefixes, an identity of the host being delegated, and a private key associated with the public key, Includes digital signatures taken against the specification. The public key and the one or more additional parameters may be used to calculate an interface identifier portion of the cryptographic generated address. Wherein the host generates an interface identifier by using the output to provide the certificate to the delegated host and at least the public key and the one or more additional parameters, And a second process configured to combine with the network routing prefix included in the range or set of the network routing prefixes. The output may be further configured to send a notification to the delegating host when the cryptographic generated address has been generated, and the notification includes the cryptographic generated address.

According to a third aspect of the present invention there is provided an IPv6 host comprising a first input for receiving a delegation certificate from a peer IPv6 host, said certificate comprising at least a public key of the peer host, At least the identity and the range of IPv6 network routing prefixes using the identity or expressions for generating parameters, the specification of the range or set of IPv6 network routing prefixes, the identity of the receiving host, the private key associated with the public key, And a digital signature to be taken for the above specification of the set. Wherein the host has a second input for receiving from the peer host a notification that the peer host is using an encrypted generated address mapping to the certificate and a request for the encrypted generated address to a third party node And an output to include the certificate in the request.

According to a fourth aspect of the present invention there is provided a method for generating an IPv6 network routing prefix, the method comprising: determining at least one of a host key, an expression or equations for generating one or more additional parameters or one or more additional parameters, a specification of a range or set of IPv6 network routing prefixes, And a digital signature that is taken with respect to said specification of a range or set of at least said identity and IPv6 network routing prefixes using a private key associated with a fraudulent public key.

As described above, when the certificate provided to the node delegated by the delegating node according to the present invention is not associated with a single CGA and the delegating node changes its own IPv6 address, a new certificate is provided to the delegated node .

Figure 1 schematically illustrates an exemplary structure for a new CGA delegation certificate;
2 schematically shows the components of a communication system involved in the creation and use of a CGA delegation certificate;
3 is a flow diagram illustrating a process for verifying a request made to an IPv6 address;

In order to allow an IPv6 node or host (the "delegating" node) to delegate responsibility for cryptographic generated IP addresses that have not yet been determined to some additional node (the "delegated" node) And generating a certificate containing information necessary to generate the undetermined CGAs. The certificate contains the signature generated by the private key of the delegating node and is provided to the delegating node. By providing the certificate to a third party, the delegated node can subsequently prove its mandated obligation to the claimed CGA.

Considering the delegation mechanism in more detail, a node attempting to delegate responsibility for CGAs that have not yet been determined generates a certificate with the data structure shown in FIG. The certificate includes a new data structure and the identity of the node being delegated. This identity may be a public key belonging to the node being delegated. The new data structure consists of the modifier, the public key of the delegating node, any extensions, and a range, set or other specification of acceptable network routing prefixes. Acceptable prefixes may be algorithmically defined using, for example, a Bloom filter, and in fact the data structure may include an indication that all prefixes are acceptable. Rather than defining a single modifier value, the data structure may identify a means of generating a modifier, e.g., a reference to an algorithm or algorithm so that the modifier can identify a known input value, such as the network routing prefix and the current time Can be generated deterministically. If time is used, CGAs will be time boundaries. Properly coarse granularity should be used, for example, at intervals of one hour. Similarly, any used extensions can be algorithmically defined.

Assuming that the security level required for the CGA is set to its lowest value (i.e. sec = 0 according to RFC3972), the algorithm for creating the modifier can be easily defined. More complex considerations occur when sec> 0.

The delegating node includes the signature generated by its private key in the certificate and provides the certificate to the delegated node. This can be done by any suitable mechanism, for example using the mechanism described in Section 6 of IETF RFC3972. As will be appreciated by those skilled in the art, the signature is associated with a CGA data structure. At some later point in time, the delegating node will generate the CGA itself. To do this, it will use the specific algorithm (s), if necessary, to generate modifiers (and any extensions), select or generate the appropriate network routing prefixes, and follow the procedure outlined in Section 4 of RFC 3972 .

At this time, the delegating node will notify the delegating node of its new IPv6 address. Subsequently, if the delegating node wishes to ask the third party node (the "verifying" node) to operate on the new CGA, the delegated node must include the certificate with the request. The verifying node performs the following operations to verify the request:

This extracts the network routing prefix from the CGA and verifies that it corresponds to any set or range specified in the CGA data structure of the certificate.

It then extracts or generates the modifier from the data structure as well as extracts the public key and optional extension (s) of the delegating node.

Since the actual collision factor values used during CGA generation will not be recognized at the time of verification, the verification node sets the collision coefficients successively to 1, 1, and 2 and then verifies that the DGA belongs to the node's public key It must perform the algorithm of Section 5 of IETF RFC3972.

If the CGA is verified correctly, the verifying node tries to verify that the signature contained in the certificate has been generated using the private key corresponding to the public key of the delegating node.

If the signature is verified correctly, the verifying node tries to verify that the sender of the request, i.e. the certifying node, is the owner of the identity contained in the certificate. If the identity is an additional public key, it may include verifying the supplementary signature included in the request generated using the private key of the authenticating node.

Assuming that the security level is set low, i.e. sec = 0, it is not necessary to verify the node to compute Hash2. sec> 0, then the procedure described in Section 5, Steps 6 and 7 of RFC3972 shall be performed.

Figure 2 schematically shows a delegation node 1 comprising a first processor which is configured to generate a delegation certificate as described above. The second processor 3 is configured to generate a CGA using the parameters contained in the certificate. Both the certificate and the notification of CGA generation are sent to the node 5 which is delegated via the output (4). The node 5 receives the certificate at the first input 6 and receives notifications at the second input 7. The processor 9 is responsible for generating requests for the CGA to be delegated and sending them to the verification node 10 along with the certificate. The three-step verification process is performed on the certificate, i.e., verifying that the routing prefix is within range 12, verifying that the IID matches the public key 13, and verifying the signature 14.

3 is a flow chart illustrating a process for verifying a certificate. These steps include receiving a request (from a delegated node) (step 100) from a delegated node in the verification node, extracting a routing prefix from the CGA (step 101), determining whether the routing prefix is within a specified range (Step 102), verifying the CID's IID (step 103), and verifying the signature (step 104). If the verification fails at any step, the request is rejected (step 106). If all the verification steps are successful, the request is accepted and processed (step 105).

It will be appreciated by those skilled in the art that various modifications may be made to the embodiments described above without departing from the scope of the invention.

Claims (12)

CLAIMS What is claimed is: 1. A method for verifying a request made to an IPv6 address comprising a network routing prefix and an encryption-
Wherein the request comprises a delegation certificate comprising an expression for generating at least a public key of the host, one or more additional parameters or one or more additional parameters, a specification of a range or set of IPv6 network routing prefixes, an identity of the delegated host, Comprising a digital signature obtained through said specification of a range or set of at least said identity and an IPv6 network routing prefix using a private key associated with a public key,
Verifying that the network routing prefix of the IPv6 address is included in the specification;
Verifying that the public key and the additional parameter can be used to generate the encryption generation interface identifier; And
And verifying the signature using the public key. ≪ RTI ID = 0.0 > 31. < / RTI > The method according to claim 1,
Wherein the at least one additional parameter comprises a modifier. 3. The method of claim 2,
Wherein the certificate includes an expression for creating the modifier so that the modifier is changed whenever the modifier generates an interface identifier. 4. The method according to any one of claims 1 to 3,
Wherein the one or more additional parameters comprise one or more extensions. 4. The method according to any one of claims 1 to 3,
Wherein the range or set of IPv6 network routing prefixes is a subset of all available routing prefixes. 4. The method according to any one of claims 1 to 3,
Wherein the specification of the range or set of IPv6 network routing prefixes designates all available routing prefixes. 4. The method according to any one of claims 1 to 3,
Wherein verifying that the public key and the additional parameter can be used to generate the cryptographic generated interface identifier comprises using the network routing prefix of the IPv6 address in a verification process. A method for verifying a request to be made to a request. 4. The method according to any one of claims 1 to 3,
Wherein verifying that the public key and the supplemental parameter can be used to generate the cryptographic generated interface identifier and verifying the signature each include using a hashing algorithm. How to validate a request. For IPv6 hosts,
A delegation certificate comprising an expression for generating at least a public key, one or more additional parameters or one or more additional parameters of the host, a specification of a range or set of IPv6 network routing prefixes, an identity of a delegated host, A first processor configured to generate a digital signature using at least the identity and the IPv6 network routing prefix range or set of specifications using an associated private key, wherein the public key and the at least one additional parameter are associated with an encryption- Said first processor being capable of being used to calculate an interface identifier portion of said first processor;
Output means for providing the certificate to the delegated host; And
Configured to combine the interface identifier with a network routing prefix included in the range or set of the prefix to generate an interface identifier using at least the public key and the at least one additional parameter, 2 < / RTI > processor. 10. The method of claim 9,
The output means may be further configured to send a notification to the delegated host when an encrypted generated address has been generated, the notification comprising the encrypted generated address. For IPv6 hosts,
A delegation certificate including an expression for generating at least one public key, one or more additional parameters or one or more additional parameters of the peer IPv6 host from a peer IPv6 host, a specification of a range or set of IPv6 network routing prefixes, First input means for receiving a digital signature obtained via said specification of at least said identity and a range or set of IPv6 network routing prefixes using a private key associated with said public key;
Second input means for receiving, from the peer IPv6 host, a notification that the peer IPv6 host is using an encrypted generation address that maps to the certificate; And
An output means for sending a request for the encrypted generated address to a third party node and including the certificate in the request. A delegation certificate comprising an expression for generating at least one public key of the host, one or more additional parameters or one or more additional parameters, a specification of a range or set of IPv6 network routing prefixes, an identity of the delegated host, And a digital signature obtained through said specification of at least said identity and a range or set of IPv6 network routing prefixes using said private key.

Images